10 Crore Android Users At Risk Of Data Theft – ES File Explorer Has A Hidden Web Server!
ES File Explorer has been downloaded by more than 100 million users.
This could easily be one of the biggest security risks Android users have ever faced. One of the most popular file manager apps, ES File Explorer, has been found to run a hidden web server in the background.
What does that mean? And who found this security vulnerability?
Keep reading to find out more!
ES File Explorer Can Be Hacked: Elliot Alderson
Elliot Alderson, whose Twitter handle is @fs0c131y, is a mysterious security researcher who has exposed a lot of data vulnerabilities in the past, including the infamous Aadhaar challenge in India.
He has found that ES File Explorer has a hidden web server running in the background, which can easily be hacked by anyone to steal information.
In a series of tweets posted just now, he has revealed this shocking discovery.
ES File Explorer Can Be Hacked?
In a nutshell, the revelations by Elliot Alderson state that if an ES File Explorer user is connected to a local network, say a WiFi network or a LAN inside a building, the data on his/her Android phone can be extracted by anyone who is also connected to the same local network.
Elliot tweeted: “With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager.
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone.” https://t.co/Uv2ttQpUcN
— Elliot Alderson (@fs0c131y) January 16, 2019
How Will This Hack Work?
To demonstrate the vulnerability, Elliot wrote a simple script and used it to pull images, phone numbers, videos and apps from another Android phone. He even pulled out information stored on the memory disk of that phone.
The hidden web server running in the background of the ES File Explorer app can be pretty useful as well: for example, it can use the HTTP protocol to stream videos to other apps. But it also opens a door for an attacker, through which anything on the Android phone can be hacked.
Technically speaking, this vulnerability can only affect those who are connected to a local network; the Internet and WWW cannot be used to steal information via this exposed web server. However, an attacker could be lurking on the same local network, and if that happens, the data on your Android smartphone is at risk.
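A defender's view of the exposure described above, as an added example that is not from the original article or from Elliot's script: it parses socket-table text in the Linux /proc/net/tcp format and reports app-owned listeners bound to a non-loopback address, which is the condition that makes a server like this reachable from the same WiFi or LAN. The sample table, its port and its UIDs are constructed placeholders, since the article does not give the real port.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real device).
# Port 0x1F90 (8080) and the UIDs are placeholders chosen for this example.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41001
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10088        0 41002
   2: 6401A8C0:A2F4 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 41003
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41004
"""

TCP_LISTEN = 0x0A               # kernel state code for a listening socket
ANDROID_APP_UID_START = 10000   # UIDs at or above this belong to installed apps


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port).

    Assumes a little-endian device (ARM/x86 Android), where the kernel
    prints the IPv4 address as little-endian hex.
    """
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def lan_reachable_app_listeners(proc_net_tcp):
    """Return (ip, port, uid) for app-owned LISTEN sockets not bound to loopback."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue
        ip, port = decode_endpoint(cols[1])
        state, uid = int(cols[3], 16), int(cols[7])
        if state != TCP_LISTEN or uid < ANDROID_APP_UID_START:
            continue  # ignore established connections and system-owned sockets
        if ip.startswith("127."):
            continue  # loopback-only listeners are not reachable from the LAN
        findings.append((ip, port, uid))
    return findings


if __name__ == "__main__":
    for ip, port, uid in lan_reachable_app_listeners(SAMPLE_PROC_NET_TCP):
        print(f"app uid {uid} listens on {ip}:{port} (reachable from the local network)")
```

Only the IPv4 table is handled here; listeners on IPv6 sockets appear in /proc/net/tcp6, which uses a longer address field.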
ES File Explorer Has 10 Crore Users
This exposure by Elliot is serious, as more than 100 million, or 10 crore, users have downloaded the ES File Explorer app for navigating the files on their Android smartphone or tablet.
There has been no reply from the creators of ES File Explorer as of now.
We will keep you updated as more details come in.